{"id":13454664,"url":"https://github.com/EnableSecurity/wafw00f","last_synced_at":"2025-03-24T06:31:07.467Z","repository":{"id":17024422,"uuid":"19788473","full_name":"EnableSecurity/wafw00f","owner":"EnableSecurity","description":"WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.","archived":false,"fork":false,"pushed_at":"2024-09-26T14:22:42.000Z","size":762,"stargazers_count":5249,"open_issues_count":2,"forks_count":931,"subscribers_count":140,"default_branch":"master","last_synced_at":"2024-10-28T18:37:43.930Z","etag":null,"topics":["fingerprint","waf","waffit","web-application-firewall"],"latest_commit_sha":null,"homepage":"https://www.enablesecurity.com/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"jr9098/Swift-YouTube-Player","license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/EnableSecurity.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2014-05-14T17:08:16.000Z","updated_at":"2024-10-28T13:24:24.000Z","dependencies_parsed_at":"2024-04-10T00:39:25.965Z","dependency_job_id":"621a3d2a-488d-4bda-80ec-4b496d83e426","html_url":"https://github.com/EnableSecurity/wafw00f","commit_stats":{"total_commits":753,"total_committers":37,"mean_commits":20.35135135135135,"dds":"0.33466135458167334","last_synced_commit":"28ec94a9a0c48400aa98505193b2b0e5c738fefc"},"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EnableSecurity%2Fwafw00f","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EnableSecurity%2Fwafw00f/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EnableSecurity%2Fwafw00f/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EnableSecurity%2Fwafw00f/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/EnableSecurity","download_url":"https://codeload.github.com/EnableSecurity/wafw00f/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":221939336,"owners_count":16904953,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fingerprint","waf","waffit","web-application-firewall"],"created_at":"2024-07-31T08:00:56.524Z","updated_at":"2025-03-24T06:31:07.450Z","avatar_url":"https://github.com/EnableSecurity.png","language":"Python","readme":"\u003ch1 align=\"center\"\u003e\n \u003ca href=\"https://github.com/enablesecurity/wafw00f\"\u003e\u003cimg src=\"https://i.imgur.com/uAgp49o.png\" alt=\"wafw00f\"/\u003e\u003c/a\u003e\n \u003cbr\u003e\n WAFW00F\n\u003c/h1\u003e\n\u003cp align=\"center\"\u003e\n \u003cb\u003eThe Web Application Firewall Fingerprinting Tool.\u003c/b\u003e\n \u003cbr\u003e\n \u003cb\u003e\n \u0026mdash; From \u003ca href=\"https://enablesecurity.com\"\u003eEnable Security\u003c/a\u003e\n \u003c/b\u003e\n\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n \u003ca href=\"https://docs.python.org/3/download.html\"\u003e\n \u003cimg src=\"https://img.shields.io/badge/Python-3.x/2.x-green.svg\"\u003e\n \u003c/a\u003e\n \u003ca href=\"https://github.com/EnableSecurity/wafw00f/releases\"\u003e\n \u003cimg src=\"https://img.shields.io/badge/Version-v2.3.1%20(stable)-blue.svg\"\u003e\n \u003c/a\u003e\n \u003ca href=\"https://github.com/EnableSecurity/wafw00f/blob/master/LICENSE\"\u003e\n \u003cimg src=\"https://img.shields.io/badge/License-BSD%203%20Clause-orange.svg\"\u003e\n \u003c/a\u003e\n \u003ca href=\"https://app.travis-ci.com/github/EnableSecurity/wafw00f\"\u003e\n \u003cimg src=\"https://app.travis-ci.com/EnableSecurity/wafw00f.svg\"\u003e\n \u003c/a\u003e\n\u003c/p\u003e\n\n## How does it work?\n\nTo do its magic, WAFW00F does the following:\n\n- Sends a _normal_ HTTP request and analyses the response; this identifies a\n number of WAF solutions.\n- If that is not successful, it sends a number of (potentially malicious) HTTP\n requests and uses simple logic to deduce which WAF it is.\n- If that is also not successful, it analyses the responses previously\n returned and uses another simple algorithm to guess if a WAF or security\n solution is actively responding to our attacks.\n\nFor further details, check out the source code on our [main repository](https://github.com/EnableSecurity/wafw00f).\n\n## What does it detect?\n\nWAFW00F can detect a number of firewalls, a list of which is as below:\n\n```\n$ wafw00f -l\n\n\n ? ,. ( . ) . \"\n __ ?? (\" ) )' ,' ) . (` '`\n (___()'`; ??? .; ) ' (( (\" ) ;(, (( ( ;) \" )\")\n /,___ /` _\"., ,._'_.,)_(..,( . )_ _' )_') (. _..( ' )\n \\\\ \\\\ |____|____|____|____|____|____|____|____|____|\n\n ~ WAFW00F : v2.3.1 ~\n ~ Sniffing Web Application Firewalls since 2014 ~\n\n[+] Can test for these WAFs:\n\n WAF Name Manufacturer\n -------- ------------\n\n 360WangZhanBao 360 Technologies\n ACE XML Gateway Cisco\n ASP.NET Generic Microsoft\n ASPA Firewall ASPA Engineering Co.\n AWS Elastic Load Balancer Amazon\n AireeCDN Airee\n Airlock Phion/Ergon\n Alert Logic Alert Logic\n AliYunDun Alibaba Cloud Computing\n AnYu AnYu Technologies\n Anquanbao Anquanbao\n AppWall Radware\n Approach Approach\n Armor Defense Armor\n ArvanCloud ArvanCloud\n Astra Czar Securities\n Azion Edge Firewall Azion\n Azure Application Gateway Microsoft\n Azure Front Door Microsoft\n BIG-IP AP Manager F5 Networks\n BIG-IP AppSec Manager F5 Networks\n BIG-IP Local Traffic Manager F5 Networks\n Barikode Ethic Ninja\n Barracuda Barracuda Networks\n Bekchy Faydata Technologies Inc.\n Beluga CDN Beluga\n BinarySec BinarySec\n BitNinja BitNinja\n BlockDoS BlockDoS\n Bluedon Bluedon IST\n BulletProof Security Pro AITpro Security\n CacheFly CDN CacheFly\n CacheWall Varnish\n CdnNS Application Gateway CdnNs/WdidcNet\n ChinaCache Load Balancer ChinaCache\n Chuang Yu Shield Yunaq\n Cloud Protector Rohde \u0026 Schwarz CyberSecurity\n Cloudbric Penta Security\n Cloudflare Cloudflare Inc.\n Cloudfloor Cloudfloor DNS\n Cloudfront Amazon\n Comodo cWatch Comodo CyberSecurity\n CrawlProtect Jean-Denis Brun\n DDoS-GUARD DDOS-GUARD CORP.\n DOSarrest DOSarrest Internet Security\n DataPower IBM\n DenyALL Rohde \u0026 Schwarz CyberSecurity\n Distil Distil Networks\n DotDefender Applicure Technologies\n DynamicWeb Injection Check DynamicWeb\n Edgecast Verizon Digital Media\n Eisoo Cloud Firewall Eisoo\n Envoy EnvoyProxy\n Expression Engine EllisLab\n Fastly Fastly CDN\n FirePass F5 Networks\n FortiGate Fortinet\n FortiGuard Fortinet\n FortiWeb Fortinet\n GoDaddy Website Protection GoDaddy\n Google Cloud App Armor Google Cloud\n Greywizard Grey Wizard\n Huawei Cloud Firewall Huawei\n HyperGuard Art of Defense\n ISA Server Microsoft\n Imunify360 CloudLinux\n Incapsula Imperva Inc.\n IndusGuard Indusface\n Instart DX Instart Logic\n Janusec Application Gateway Janusec\n Jiasule Jiasule\n KS-WAF KnownSec\n Kemp LoadMaster Progress Software\n KeyCDN KeyCDN\n Kona SiteDefender Akamai\n LimeLight CDN LimeLight\n LiteSpeed LiteSpeed Technologies\n Malcare Inactiv\n MaxCDN MaxCDN\n Mission Control Shield Mission Control\n ModSecurity SpiderLabs\n NAXSI NBS Systems\n NSFocus NSFocus Global Inc.\n Nemesida PentestIt\n NetContinuum Barracuda Networks\n NetScaler AppFirewall Citrix Systems\n NevisProxy AdNovum\n Newdefend NewDefend\n NexusGuard Firewall NexusGuard\n NinjaFirewall NinTechNet\n NullDDoS Protection NullDDoS\n OnMessage Shield BlackBaud\n Open-Resty Lua Nginx FLOSS\n Oracle Cloud Oracle\n PT Application Firewall Positive Technologies\n Palo Alto Next Gen Firewall Palo Alto Networks\n PentaWAF Global Network Services\n PerimeterX PerimeterX\n PowerCDN PowerCDN\n Profense ArmorLogic\n Puhui Puhui\n Qcloud Tencent Cloud\n Qiniu Qiniu CDN\n Qrator Qrator\n RSFirewall RSJoomla!\n RayWAF WebRay Solutions\n Reblaze Reblaze\n RequestValidationMode Microsoft\n SEnginx Neusoft\n Sabre Firewall Sabre\n Safe3 Web Firewall Safe3\n Safedog SafeDog\n Safeline Chaitin Tech.\n SecKing SecKing\n SecuPress WP Security SecuPress\n Secure Entry United Security Providers\n SecureSphere Imperva Inc.\n ServerDefender VP Port80 Software\n Shadow Daemon Zecure\n Shield Security One Dollar Plugin\n SiteGround SiteGround\n SiteGuard Sakura Inc.\n Sitelock TrueShield\n SonicWall Dell\n Squarespace Squarespace\n SquidProxy IDS SquidProxy\n StackPath StackPath\n Sucuri CloudProxy Sucuri Inc.\n Tencent Cloud Firewall Tencent Technologies\n Teros Citrix Systems\n Trafficshield F5 Networks\n TransIP Web Firewall TransIP\n UEWaf UCloud\n URLMaster SecurityCheck iFinity/DotNetNuke\n URLScan Microsoft\n UTM Web Protection Sophos\n Variti Variti\n Varnish OWASP\n Viettel Cloudrity\n VirusDie VirusDie LLC\n WP Cerber Security Cerber Tech\n WTS-WAF WTS\n Wallarm Wallarm Inc.\n WatchGuard WatchGuard Technologies\n WebARX WebARX Security Solutions\n WebKnight AQTRONIX\n WebLand WebLand\n WebSEAL IBM\n WebTotem WebTotem\n West263 CDN West263CDN\n Wordfence Defiant\n XLabs Security WAF XLabs\n Xuanwudun Xuanwudun\n YXLink YxLink Technologies\n Yundun Yundun\n Yunjiasu Baidu Cloud Computing\n Yunsuo Yunsuo\n ZScaler Accenture\n Zenedge Zenedge\n aeSecure aeSecure\n eEye SecureIIS BeyondTrust\n pkSecurity IDS pkSec\n wpmudev WAF Incsub\n Shieldon Firewall Shieldon.io\n```\n\n## How do I use it?\n\nFirst, install the tools as described [here](#how-do-i-install-it).\n\nFor help you can make use of the `--help` option. The basic usage is to pass\nan URL as an argument. Example:\n```\n$ wafw00f https://example.org\n\n ______\n / \\\n ( Woof! )\n \\ ____/ )\n ,, ) (_\n .-. - _______ ( |__|\n ()``; |==|_______) .)|__|\n / (' /|\\ ( |__|\n ( / ) / | \\ . |__|\n \\(_)_)) / | \\ |__|\n\n ~ WAFW00F : v2.3.1 ~\n The Web Application Firewall Fingerprinting Toolkit\n\n[*] Checking https://example.org\n[+] The site https://example.org is behind Edgecast (Verizon Digital Media) WAF.\n[~] Number of requests: 2\n```\n\n## How do I install it?\n\n### Install from PyPI (recommended)\nRun:\n```\npython3 -m pip install wafw00f\n```\nor\n```\npip3 install wafw00f\n```\n\n### Via Docker\nIt is also possible to run it within a docker container. Clone this repository first and build the Docker image using:\n```\ndocker build . -t wafw00f\n```\nNow you can run:\n```\ndocker run --rm -it wafw00f https://example.com\n```\n\n### From source\n\u003e NOTE: Be careful to not break your system packages while installing wafw00f. Use venv as and when required.\n\nClone the repository:\n```\ngit clone https://github.com/enablesecurity/wafw00f.git\n```\nThen:\n```\ncd wafw00f/\npython3 -m pip install .\n```\n\nOr, by using pipx directly:\n```\npipx install git+https://github.com/EnableSecurity/wafw00f.git\n```\n\n## Final Words\n\n__Questions?__ Pull up an [issue on GitHub Issue Tracker](https://github.com/enablesecurity/wafw00f/issues/new) or contact [me](mailto:sandro@enablesecurity.com).\n[Pull requests](https://github.com/enablesecurity/wafw00f/pulls), [ideas and issues](https://github.com/enablesecurity/wafw00f/issues) are highly welcome.\n\nSome useful links:\n\n- [Documentation/Wiki](https://github.com/enablesecurity/wafw00f/wiki/)\n- [Pypi Package Repository](https://pypi.org/project/wafw00f)\n\nPresently being developed and maintained by:\n\n- Sandro Gauci ([@SandroGauci](https://twitter.com/sandrogauci))\n- Pinaki Mondal ([@0xInfection](https://twitter.com/0xinfection))\n","funding_links":[],"categories":["Uncategorized","Python","Open Sources Intelligence (OSINT)","Tools","web shell、shellcode","Awesome Tools","Recon","Pentesting","Penetration Testing","Other","Web Exploitation"],"sub_categories":["Uncategorized","Web application and resource analysis tools","网络服务_其他","Web Exploitation","Fingerprinting:","Technologies","WAFs","Information Gathering","XSS","Penetration Testing Report Templates"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FEnableSecurity%2Fwafw00f","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FEnableSecurity%2Fwafw00f","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FEnableSecurity%2Fwafw00f/lists"}